Windows defender found a trojan in ChatGPT.exe [Security] #440

Open
KullAxel opened this issue Feb 18, 2023 · 26 comments

@KullAxel

Description

After installing the program, Windows detected a trojan in the ChatGPT.exe files.

Trojan:Win64/Malgent!MSR

Anyone else had this happening?


@joshuafuller

joshuafuller commented Feb 18, 2023

Windows Defender just flagged the app for me as well.

"Trojan:Win64/Malgent!MSR" in "ChatGPT.exe"

@fant5y

fant5y commented Feb 18, 2023

Did that to me too, 10 minutes ago.

Threat quarantined
18.02.2023 19:28
Detected: Trojan:Win64/Malgent!MSR
Status: Quarantined
Quarantined files are in a restricted area where they can't harm your device. They will be removed automatically.
Date: 18.02.2023 19:29
Details: This program is dangerous and executes commands from an attacker.
Affected items:
file: C:\Program Files\ChatGPT\ChatGPT.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChatGPT\ChatGPT.lnk
file: C:\Users\USERNAME\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ChatGPT.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChatGPT\ChatGPT.lnk

@ColtonHyland

Mine as well

@harveywalker500

Same here

@fruini

fruini commented Feb 18, 2023

Happened to me as well.

@pblue3

pblue3 commented Feb 18, 2023

Same here, should we be worried about it?

@0com

0com commented Feb 18, 2023

Me too

@hlatifpk

hlatifpk commented Feb 18, 2023

I am also facing the same issue. ChatGPT was removed automatically from my system by Windows Defender. I reinstalled and Windows Defender instantly sent me a notification which has the following information.

Trojan:Win64/Malgent!MSR
Alert level: Severe
Status: Active
Date: 2/19/2023 4:31 AM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items:
file: C:\Program Files\ChatGPT\ChatGPT.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChatGPT\ChatGPT.lnk
file: C:\Users\Public\Desktop\ChatGPT.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChatGPT\ChatGPT.lnk

In my personal point of view, Microsoft is intentionally doing this via Windows Defender to promote Bing, since they are integrating ChatGPT in Bing.

@jonasmarco

Same here

@Ethkuil

Ethkuil commented Feb 19, 2023

#436 Duplicate.
Current progress: #436 (comment)

@RW2023

RW2023 commented Feb 19, 2023

Leaving a comment now but it did for me yesterday.

@HashWrangler

image

@lencx
Owner

lencx commented Feb 19, 2023

image

startup: It should be a boot auto-start feature that I added in a previous version, not a recent update. https://github.com/lencx/tauri-plugins-workspace/tree/dev/plugins/autostart

@cycalo

cycalo commented Feb 21, 2023

uninstall this CCP funded trojan program

@0xeb

0xeb commented Feb 24, 2023

It is an open source project. Feel free to audit it and build it yourself.

@ColtonHyland

Do the devs know why Windows Defender is flagging this? I don't feel comfortable using the program after this was flagged.

@lencx
Owner

lencx commented Feb 25, 2023

> Do the devs know why Windows Defender is flagging this? I don't feel comfortable using the program after this was flagged.

I don't really know why it's flagged, but I'm sure it's safe. If you guys want to leave it, I respect your decision.

@lencx
Owner

lencx commented Feb 25, 2023

I've updated the readme. Security agencies have now detected a trojan in the unknown download link.

🛑 URGENT NOTICE: A hacker has been found to take advantage of the heat of lencx/ChatGPT to plant a Trojan horse after the fork project and rebuild the installer. If you have friends around you who are using this desktop application, please remind them not to download unknown links freely. Now the project will remove other installation ways and only provide this download link https://github.com/lencx/ChatGPT/releases

🛑 URGENT NOTICE (translated from the Chinese version of the notice): It has been found that hackers are exploiting the popularity of lencx/ChatGPT by forking the project, planting a trojan and rebuilding the installer. If friends around you are using this desktop application, please remind them not to casually download from unknown links. The project will now remove the other installation channels and provide only this download link https://github.com/lencx/ChatGPT/releases

@cycalo

cycalo commented Feb 25, 2023

Can you explain the unknown download link? I only ever used the known download link within this GitHub?

@lencx
Owner

lencx commented Feb 26, 2023

> Can you explain the unknown download link? I only ever used the known download link within this GitHub?

I can't know the source of the dangerous download link at the moment either, because the project is too widespread at the moment, and it's open source, so anyone can rebuild it and release it. Once the application is flagged as a Trojan by Windows Defender, it seems that the application downloaded by this project will also be detected as a Trojan by security.

@joshuafuller

Hi all,

Just wanted to suggest that Yara might be helpful in identifying potentially malicious forks of this project. Yara can detect malware based on patterns and signatures, so you could create Yara rules to describe the characteristics of the malware and then use Yara to scan the fork's code. Of course, scanning all forks can be time-consuming and it's important to respect users' privacy.

Yara is not a silver bullet, but it could be worth exploring as part of a comprehensive security strategy.

@lencx
Owner

lencx commented Mar 4, 2023

> Just wanted to suggest that Yara might be helpful in identifying potentially malicious forks of this project. Yara can detect malware based on patterns and signatures, so you could create Yara rules to describe the characteristics of the malware and then use Yara to scan the fork's code. Of course, scanning all forks can be time-consuming and it's important to respect users' privacy.
>
> Yara is not a silver bullet, but it could be worth exploring as part of a comprehensive security strategy.

It may just be a clone of the repository code, not a fork.

@olljanat

@lencx two important things which I see are missing both here and in your new project:

  • You should digitally sign both the binary and the installer, at least on Windows. Currently the Edge browser also warns about the installer and suggests removing it because of the missing digital signature. The best option is if you can get an official code signing certificate, but even self-signed would be better than nothing.
  • You should modify those MSI packages in a way that they can also be installed without admin rights to the user profile.
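
The signing point above, seen from the user's side, as an added example that is not part of the original thread or the project's code: a PowerShell function that reports Authenticode status, signer and SHA-256 for a binary and its installer, so a rebuilt copy from an unknown link can be told apart from a publisher-signed one. The installer file name and the `-ExpectedThumbprint` value are assumptions; the `.exe` path is the one shown in the Defender reports in this thread.

```powershell
# Added example, not the project's code. Reports Authenticode status and SHA-256
# for each file, and whether the signer matches a publisher thumbprint you trust.
function Get-SignatureReport {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        # Assumption: thumbprint of the publisher's certificate, obtained out of band.
        [string]$ExpectedThumbprint
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            Write-Warning "Not found: $p"
            continue
        }
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $cert = $sig.SignerCertificate   # $null when the file carries no signature
        $verdict = switch ([string]$sig.Status) {
            'Valid'        { 'Signed; chain trusted on this machine' }
            'NotSigned'    { 'No signature: origin cannot be checked' }
            'HashMismatch' { 'File changed after it was signed' }
            default        { "Signature not validated: $($sig.StatusMessage)" }
        }
        [pscustomobject]@{
            Path           = $p
            Status         = $sig.Status
            Verdict        = $verdict
            Signer         = if ($cert) { $cert.Subject } else { $null }
            Thumbprint     = if ($cert) { $cert.Thumbprint } else { $null }
            # A timestamp keeps the signature verifiable after the certificate expires.
            Timestamped    = [bool]$sig.TimeStamperCertificate
            # True only when a signer exists and equals the expected publisher.
            PublisherMatch = [bool]($cert -and $ExpectedThumbprint -and
                                    $cert.Thumbprint -eq $ExpectedThumbprint)
            Sha256         = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# Usage: the .msi name is a hypothetical placeholder for the downloaded installer.
Get-SignatureReport -Path @(
    'C:\Program Files\ChatGPT\ChatGPT.exe',
    "$env:USERPROFILE\Downloads\ChatGPT-setup.msi"
) | Format-List
```

A `Valid` status only shows that the file is unchanged since a trusted certificate signed it; whether that signer is the expected publisher is what `PublisherMatch` checks.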

@oliverw

oliverw commented Aug 9, 2023

The installer should not need elevated permissions at all.

@olljanat

olljanat commented Aug 9, 2023

Yes, that is fully doable, as you can see from the custom version https://github.com/olljanat/chatgpt

The issue here, however, is that only Tauri 2.0 can create that kind of installer and those are still on alpha versions.

@UBIadeWorks

Got the warning trying to compile a Python program with pyinstaller
